On 2016-10-19 01:37, Rob Stradling wrote:
On 18/10/16 23:49, Gervase Markham wrote:
On 18/10/16 15:42, Ryan Hurst wrote:
I do not understand the desire to require StartCom / WoSign to not
utilize their own logs as part of the associated quorum policy.
My original logic was that it could be seen that the log owner is
trustworthy. However, you are right that CT does not require this.
A log operator could offer a split view of their log, and this might go
undetected. That's why we need CT gossip to exist.
I at least have some concerns about the current gossip draft and talked
a little to dkg about this. I should probably bring this up on the trans
list.
Kurt
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
